STUDY MATERIAL
ELECTRONIC COMMERCE
DEPARTMENT OF MCA
JUNE – 2010
Vel Tech
Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering
College
Vel Tech High Tech Dr. Rangarajan Dr.Sakunthala Engineering
College
SEM - V
VEL TECH VEL TECH MULTI TECH VEL TECH HIGH
TECH
INDEX
I. Introduction
∗Student Strength of Vel Tech increased from 413 to 10579, between 1997 and 2010.
∗Our heartfelt gratitude to AICTE for sanctioning highest number of seats and highest number
of courses for the academic year 2009 – 2010 in Tamil Nadu, India.
∗Consistent success on academic performance by achieving 97% - 100% in University examination
results during the past 4 academic years.
∗Tie-up with Oracle Corporation for conducting training programmes & qualifying our students
for International Certifications.
∗Permission obtained to start Cisco Networking Academy Programmes in our College campus.
∗Satyam Ventures R&D Centre located in Vel Tech Engineering College premises.
∗Signed MOU with FL Smidth for placements, Project and Training.
∗Signed MOU with British Council for Promotion of High Proficiency in Business English,
of the University of Cambridge, UK (BEC).
∗Signed MOU with NASSCOM.
∗MOUs currently in process are with Vijay Electrical and One London University.
∗Signed MOU with INVICTUS TECHNOLOGY for projects & Placements.
∗Signed MOU with SUTHERLAND GLOBAL SERVICES for Training & Placements.
∗Signed MOU with Tmi First for Training & Placements.
VELTECH, VEL TECH MULTI TECH engineering colleges Accredited by TCS
VEL TECH, VEL TECH MULTI TECH, VEL TECH HIGH TECH, engineering colleges & VEL SRI RANGA SANKU
(ARTS & SCIENCE) Accredited by CTS.
Companies Such as TCS, INFOSYS TECHNOLOGIES, IBM, WIPRO TECHNOLOGIES, KEANE SOFTWARE & T
INFOTECH, ACCENTURE, HCL TECHNOLOGIES, TCE Consulting Engineers, SIEMENS, BIRLASOFT,
MPHASIS(EDS), APOLLO HOSPITALS, CLAYTON, ASHOK LEYLAND, IDEA AE & E, SATYAM VENTURES,
UNITED ENGINEERS, ETA-ASCON, CARBORANDUM UNIVERSAL, CIPLA, FUTURE GROUP, DELPHI-TVS
DIESEL SYSTEMS, ICICI PRULIFE, ICICI LOMBARD, HWASHIN, HYUNDAI, TATA CHEMICAL LTD, RECKITT
BENKIZER, MURUGAPPA GROUP, POLARIS, FOXCONN, LIONBRIDGE, USHA FIRE SAFETY, MALCO,
YOUTELECOM, HONEYWELL, MANDOBRAKES, DEXTERITY, HEXAWARE, TEMENOS, RBS, NAVIA MARKETS,
EUREKHA FORBES, RELIANCE INFOCOMM, NUMERIC POWER SYSTEMS, ORCHID CHEMICALS, JEEVAN
DIESEL, AMALGAMATION CLUTCH VALEO, SAINT GOBAIN, SONA GROUP, NOKIA, NICHOLAS PHARIMAL,
SKH METALS, ASIA MOTOR WORKS, PEROT, BRITANNIA, YOKAGAWA FED BY, JEEVAN DIESEL visit our
campus annually to recruit our final year Engineering, Diploma, Medical and Management Students.
1. Define E-Commerce.
2. What is Internet?
The Internet is a collection of wires, protocols and hardware that allows the
electronic transmission of data over TCP/IP. The Internet forms a global network of
computers that can share data and programs. The computers are connected through a
series of LANs and WANs and transfer data through the communication rules set forth by
TCP/IP.
Each and every system has its own unique IP address. Sun Microsystems
developed the DNS in the early 1980s. It converted the numeric IP address into a
character IP address.
b. Packet Switching:
The Internet is a packet-switched system. All data transferred across the Internet is
broken into packets.
c. Routing:
Routers serve as intermediaries between networks. They are the
building blocks of the Internet. They direct traffic and translate messages so that
different network technologies can communicate with one another.
4. What is a Network?
A "network" has been defined as "any set of interlinking lines resembling a net, a
network of roads || an interconnected system, a network of alliances." This definition
suits our purpose well: a computer network is simply a system of interconnected
computers. How they're connected is irrelevant, and as we'll soon see, there are a
number of ways to do this.
5. Components of a Network:
1. Concentrator
2. Hub
3. Repeater
4. Bridges
5. Modem
6. Routers
7. Cables
6. What is Security?
In the computer industry, security refers to techniques for ensuring that data stored in a
computer cannot be read or compromised by any individuals without authorization.
Most security measures involve data encryption and passwords. Data encryption is
the translation of data into a form that is unintelligible without a deciphering
mechanism. A password is a secret word or phrase that gives a user access to a
particular program or system.
7. Network security:
Network security consists of the provisions made in an underlying computer network
infrastructure, the policies adopted by the network administrator to protect the network
and the network-accessible resources from unauthorized access, and the effectiveness
(or lack) of these measures combined together.
8. What is a protocol?
• They work in the same way as traditional checks, thus simplifying customer
education
• Electronic checks are well suited for clearing micro payments
• Electronic checks create float and the availability of float is an important
requirement for commerce.
• Financial risk is assumed by the accounting server and may result in easier
acceptance.
15. What are the advantages of TCP/IP Protocol?
• They are everywhere! It's the common worldwide standard now for networking.
• Interoperability: different types of computers from different vendors can
communicate seamlessly if they speak the same TCP/IP language.
• Built-in intelligent mechanisms for error and flow control.
• Many others, just Google advantages of TCP/IP.
PART – B
Technological features
Data travels across the Internet through several levels of networks until it
reaches its destination. E-mail messages arrive at the mail server (similar to the local
post office) from a remote personal computer connected by a modem, or a node on a
local-area network. From the server, the messages pass through a router, a special-
purpose computer ensuring that each message is sent to its correct destination. A
message may pass through several networks to reach its destination. Each network
has its own router that determines how best to move the message closer to its
destination, taking into account the traffic on the network. A message passes from
one network to the next, until it arrives at the destination network, from where it can
be sent to the recipient, who has a mailbox on that network. See also Electronic mail;
Local-area networks; Wide-area networks.
TCP/IP
The file transfer protocol (FTP) allows a user on any computer to get files from
another computer, or to send files to another computer. Security is handled by
requiring the user to specify a user name and password for the other computer.
The network terminal protocol (TELNET) allows a user to log in on any other
computer on the network. The user starts a remote session by specifying a computer
to connect to. From that time until the end of the session, anything the user types is
sent to the other computer.
The World Wide Web (WWW) is based on technology called hypertext. The Web
may be thought of as a very large subset of the Internet, consisting of hypertext and
hypermedia documents. A hypertext document is a document that has a reference (or
link) to another hypertext document, which may be on the same computer or in a
different computer that may be located anywhere in the world. Hypermedia is a
similar concept except that it provides links to graphic, sound, and video files in
addition to text files.
In order for the Web to work, every client must be able to display every
document from any server. This is accomplished by imposing a set of standards
known as a protocol to govern the way that data are transmitted across the Web.
Thus data travel from client to server and back through a protocol known as the
HyperText Transfer Protocol (http). In order to access the documents that are
transmitted through this protocol, a special program known as a browser is required,
which browses the Web. See also World Wide Web.
A major service on the Internet. To understand exactly how the Web relates to
the Internet, see Web vs. Internet. The World Wide Web is made up of "Web servers"
that store and disseminate "Web pages," which are "rich" documents that contain
text, graphics, animations and videos to anyone with an Internet connection.
The heart of the Web technology is the hyperlink, which connects each
document to each other by its "URL" address, whether locally or in another country.
"Click here" caused the Web to explode in the mid-1990s, turning the Internet into the
largest shopping mall and information source in the world. It also enabled the concept
of a "global server" that provides a source for all applications and data (see Web 2.0).
The Browser
Web pages are accessed by the user via a Web browser application such as
Internet Explorer, Netscape, Safari, Opera and Firefox. The browser renders the pages
on screen, executes embedded scripts and automatically invokes additional software
as needed. For example, animations and special effects are provided by browser plug-
ins, and audio and video are played by media player software that either comes with
the operating system or from a third party.
A Web page is a text document embedded with HTML tags that define how the
text is rendered on screen. Web pages can be created with any text editor or word
processor. They are also created in HTML authoring programs that provide a graphical
interface for designing the layout. Authoring programs generate the HTML tags behind
the scenes, but the tags can be edited if required. Many applications export
documents directly to HTML, thus basic Web pages can be created in numerous ways
without HTML coding. The ease of page creation helped fuel the Web's growth.
A collection of Web pages makes up a Web site. Very large organizations deploy
their Web sites on inhouse servers or on their own servers co-located in a third party
facility that provides power and Internet access. Small to medium sites are generally
hosted by Internet service providers (ISPs). Millions of people have developed their
own mini Web sites as ISPs typically host a small number of personal Web pages at no
extra cost to individual customers.
The Intranet
The public Web spawned the private "intranet," an inhouse Web site for
employees. Protected via a firewall that lets employees access the Internet, the
firewall restricts uninvited users from coming in and viewing internal information.
There is no difference in intranet and Web architectures. It has only to do with who
has access.
HTML pages are transmitted to the user via the HTTP protocol. A Web server
stores HTML pages for a Web site, but it can also be a storehouse for any kind of file
delivered to a client application via HTTP. For example, the Windows version of this
Encyclopedia is available as an HTTP application. The text and images are hosted on
The Computer Language Company's Web server and delivered to the Windows client
in the user's PC. The Windows client is an HTTP-enabled version of the popular
interface first introduced in 1996 for stand-alone PCs and client/server LANs.
The World Wide Web was developed at the European Organization for Nuclear
Research (CERN) in Geneva from a proposal by Tim Berners-Lee in 1989. It was
created to share research information on nuclear physics. In 1991, the first command
line browser was introduced. By the start of 1993, there were 50 Web servers, and the
Viola X Window browser provided the first graphical capability. In that same year,
CERN introduced its Macintosh browser, and the National Center for Supercomputing
Applications (NCSA) in Chicago introduced the X Window version of Mosaic. Mosaic
was developed by Marc Andreessen, who later became world famous as a principal at
Netscape.
By 1994, there were approximately 500 Web sites, and, by the start of 1995,
nearly 10,000. By the turn of the century, there were more than 30 million registered
domain names. Many believe the Web signified the real beginning of the information
age. However, those people who still use analog dial-up modems consider it the
"World Wide Wait."
Everyone has some interest in the Web. ISPs, cable and telephone companies
want to give you connectivity. Webmasters want more visitors. IT managers want
more security. The publishing industry wants to preserve its copyrights. Hardware and
software vendors want to make every product Web accessible. Nothing in the
computer/communications field ever came onto the scene with such intensity. Even
with the dot-com crash of 2000/2001, the future of the Web is going to be very
exciting. Stay tuned! See Web 2.0, Internet, HTTP, HTML, World Wide Wait and Wild
Wooly Web.
Value. The item at the center of the commerce transaction -- the product, service, or
property that is to be sold/bought -- has some kind of value. Its price is determined
and validated through the performance of the transaction. The seller agrees to a
selling price, and the buyer agrees to a buying price. The value of an item, especially
the relative value an item has for the buyer, is much easier to appraise if that item is
close at hand.
Community. Customers can interact with other customers and gain feedback about
the merchant from other customers, as well as by observing the merchant interacting
with other customers.
Privacy. Customers can make purchases anonymously with cash; they usually don't
have to give their name or address. They don't usually have to worry about what a
store will do with their personal information, although this is becoming more of an
issue with various recent attempts by lawyers to access private sales and rental
records. Privacy is often a measure of how much of his or her identity a buyer wants
to invest in a transaction; sometimes, we just want to quietly make our purchase and
leave with it.
Not every commerce transaction is identical, and not every transaction is the
same type of transaction. In my experience, I have dealt with roughly five types of
commerce transaction offline (this is not an attempt at a taxonomy of commerce
transactions, just my common-sense exploration of my own experience):
Retail store
This is by far the most common commerce experience in American culture: you
walk into a store that is stocked with merchandise for immediate sale -- bookstores,
grocery stores, hardware stores -- and find what you want, then purchase it. You leave
the store with the product, assuming immediate ownership.
When a retail store doesn't stock the product you want, or is currently out of
stock, you often have the option of special ordering the product. If a bookstore doesn't
carry a small press book title that you want, and the title is in print, you can usually
special order the title from the store; the store locates the product, buys it, then
resells it to you. Delayed gratification, but you have the advantage of dealing with a
merchant face-to-face. I would consider rain checks in this same category.
Catalogue store
Mail order catalogues, with their operators standing by, have been around
longer than the internet. While you can't touch and feel the merchandise prior to
ordering, you can at least speak with a live person when placing the order; I've had
some excellent shopping experiences with mail order catalog customer service reps.
Bargaining
I find this the strangest form of commerce transaction; I simply am not used to
bargaining... just give me a price, and I'll decide whether or not to pay it. The United
States is not a country with a vibrant bargaining culture, but if you travel
internationally you will encounter cultures that thrive on bargaining. In the U.S.,
buying an automobile or shopping at collectors conventions is often a bargaining
experience.
While these may be different types of commerce transactions, they are all
clearly related. They share elements like the roles involved (seller and buyer), steps in
the transactions (price must be agreed upon, money must change hands), and
underlying concepts (the value of this merchandise to me, do I know this merchant?).
Ultimately, these different transactions differ only slightly on some few elements, with
the bulk of the transaction adhering to the internal models that we have built for what
commerce is like.
E-commerce advantages
E-commerce systems can operate all day every day. Your physical storefront
does not need to be open in order for customers and suppliers to be doing business
with you electronically.
The Internet spans the world, and it is possible to do business with any business
or person who is connected to the Internet. Simple local businesses such as specialist
record stores are able to market and sell their offerings internationally using e-
commerce. This global opportunity is assisted by the fact that, unlike traditional
communications methods, users are not charged according to the distance over which
they are communicating.
c. Speed.
The market in which web-based businesses operate is the global market. It may
not be evident to them, but many businesses are already facing international
competition from web-enabled businesses.
The Internet makes it very easy to 'shop around' for products and services that
may be cheaper or more effective than we might otherwise settle for. It is sometimes
possible to, through some online research, identify original manufacturers for some
goods - thereby bypassing wholesalers and achieving a cheaper price.
f. Computer platform-independent.
'Many, if not most, computers have the ability to communicate via the Internet
independent of operating systems and hardware. Customers are not limited by
existing hardware systems' (Gascoyne & Ozcubukcu, 1997:87).
People can interact with businesses at any hour of the day that it is convenient
to them, and because these interactions are initiated by customers, the customers
also provide a lot of the data for the transaction that may otherwise need to be
entered by business staff. This means that some of the work and costs are effectively
shifted to customers; this is referred to as 'customer outsourcing'.
Using aspects of e-commerce technology can mean your business can source
and use products and services provided by other businesses in other countries. This
seems obvious enough to say, but people do not always consider the implications of
e-commerce. For example, in many ways it can be easier and cheaper to host and
operate some e-commerce activities outside Australia. Further, because many e-
commerce transactions involve credit cards, many businesses in Australia need to
make arrangements for accepting online payments. However a number of major
Australian banks have tended to be unhelpful laggards on this front, charging a lot of
money and making it difficult to establish these arrangements - particularly for
smaller businesses and/or businesses that don't fit into a traditional-economy
understanding of business. In some cases, therefore, it can be easier and cheaper to
set up arrangements which bypass this aspect of the Australian banking system.
Admittedly, this can create some grey areas for legal and taxation purposes, but
these can be dealt with. And yes these circumstances do have implications for
Australia's national competitiveness and the competitiveness of our industries and
businesses.
It is possible to visit a local music store and walk out with a compact disc, or a
bookstore and leave with a book. E-commerce is often used to buy goods that are not
available locally from businesses all over the world, meaning that physical goods need
to be delivered, which takes time and costs money. In some cases there are ways
around this, for example, with electronic files of the music or books being accessed
across the Internet, but then these are not physical goods.
When you walk out of a shop with an item, it's yours. You have it; you know
what it is, where it is and how it looks. In some respects e-commerce purchases are
made on trust. This is because, firstly, not having had physical access to the product,
a purchase is made on an expectation of what that product is and its condition.
Secondly, because supplying businesses can be conducted across the world, it can be
uncertain whether or not they are legitimate businesses and are not just going to take
your money. It's pretty hard to knock on their door to complain or seek legal recourse!
Thirdly, even if the item is sent, it is easy to start wondering whether or not it will ever
arrive.
c. Perishable goods.
Forget about ordering a single gelato ice cream from a shop in Rome! Though
specialised or refrigerated transport can be used, goods bought and sold via the
Internet tend to be durable and non-perishable: they need to survive the trip from the
supplier to the purchasing business or consumer. This shifts the bias for perishable
and/or non-durable goods back towards traditional supply chain arrangements, or
towards relatively more local e-commerce-based purchases, sales and distribution. In
contrast, durable goods can be traded from almost anyone to almost anyone else,
sparking competition for lower prices. In some cases this leads to disintermediation in
which intermediary people and businesses are bypassed by consumers and by other
businesses that are seeking to purchase more directly from manufacturers.
e. Returning goods.
h. Personal service.
Although some human interaction can be facilitated via the web, e-commerce
cannot provide the richness of interaction provided by personal service. For most
businesses, e-commerce methods provide the equivalent of an information-rich
counter attendant rather than a salesperson. This also means that feedback about
how people react to product and service offerings also tends to be more granular or
perhaps lost using e-commerce approaches. If your only feedback is that people are
(or are not) buying your products or services online, this is inadequate for evaluating
how to change or improve your e-commerce strategies and/or product and service
offerings. Successful business use of e-commerce typically involves strategies for
gaining and applying customer feedback. This helps businesses to understand,
anticipate and meet changing online customer needs and preferences, which is
critical because of the comparatively rapid rate of ongoing Internet-based change.
E-commerce is most often conducted using credit card facilities for payments,
and as a result very small and very large transactions tend not to be conducted
online. The size of transactions is also impacted by the economics of transporting
physical goods. For example, any benefits or conveniences of buying a box of pens
online from a US-based business tend to be eclipsed by the cost of having to pay for
them to be delivered to you in Australia. The delivery costs also mean that buying
individual items from a range of different overseas businesses is significantly more
expensive than buying all of the goods from one overseas business because the
goods can be packaged and shipped together.
Internet Advantages:
b. Structural
You can measure anything: how many people saw your advertisement banners,
how many clicked on them, how many asked for information or a price quote and how many
sales resulted from that campaign. You can measure how many people came to
your website through certain key words in a search engine and calculate the profits
per 1.000 visitors on THAT specific keyword. How many pages did people look at?
What section of my content is more popular? What is the "normal route"? What is the
most frequent "exit page" (from where they leave your site)? How many visitors are
NEW to the site and how many are repeat visits?
d. Interactive
Visitors can do a test, they can get an automatic price-quote through a form,
they can participate in a forum, ask a question through different feedback systems
(including online).
e. Community building
f. Low cost
Just compare the costs of sending out physical mailing to 25,000 addresses,
with the costs of an e-mailing to 250.000 e-mail addresses.
Whether 1,000 visitors come to your site or 25,000, the increased cost is
marginal. Compare that with printing more brochures, producing more videos or using
a call centre for another 2,000 calls.
Pay for every time someone SEES your advertisement, or only when they CLICK
on your banner advertisement, or even only when they fill out a form, that identifies
them and makes them approachable OR even ONLY pay, when you actually get a
SALE from another website.
j. Low "hassle" environment
Apart from "pop-ups and pop-unders", many possible clients will find it "safer" to
look around on a website anonymously, rather than asking a question to a real life
person.
1. Establishing Trust
2. Negotiating a Deal
3. Payment and Settlement
4. Payment Vehicles and Currencies
5. Products and Delivery
Electronic Transactions :
8. With a neat sketch explain the Electronic Commerce industry framework?
Introduction
Electronic commerce is the ability to perform transactions involving the exchange
of goods or services between two or more parties using electronic tools and
techniques. Long employed by large businesses and financial service organizations,
several factors are now converging to bring electronic commerce to a new level of
utility and viability for small businesses and individuals -- thereby promising to make
it part of everyday life.
This white paper discusses primarily technical issues that, if properly addressed,
can guide the evolution of electronic commerce. However, it is recognized that
numerous complex social, legal and regulatory issues of equal importance must also
be addressed if the potential of electronic commerce is to be realized. These include
finding acceptable methods for authentication and protection of information,
accommodating the special needs of law enforcement and international transactions,
and creating the requisite means, technological and otherwise, of settling disputes.
We point them out here specifically to emphasize their importance, but do not treat
them at length in this paper. The remainder of the paper answers the following
questions about electronic commerce:
Types of information providers
EC functions
The following ten functions must be provided in order for EC to occur; in essence, they
are the enablers of EC:
The provision of the above ten EC functions does not necessitate the involvement
of an equivalent number of parties; many of these will be carried out by the same
provider. For example, the Hosting Service can be the same organization as the
Publisher/Aggregator.
Introduction of E-commerce.
The meaning of the term "electronic commerce" has changed over the last 30
years. Originally, "electronic commerce" meant the facilitation of commercial
transactions electronically, usually using technology like Electronic Data Interchange
(EDI) and Electronic Funds Transfer (EFT), where both were introduced in the late
1970s, for example, to send commercial documents like purchase orders or invoices
electronically.
In the dot com era, it came to include activities more precisely termed "Web
commerce" -- the purchase of goods and services over the World Wide Web, usually
with secure connections (HTTPS, a special server protocol that encrypts confidential
ordering data for customer protection) with e-shopping carts and with electronic
payment services, like credit card payment authorizations.
When the Web first became well-known among the general public in 1994,
many journalists and pundits forecast that e-commerce would soon become a major
economic sector. However, it took about four years for security protocols (like HTTPS)
to become sufficiently developed and widely deployed. Subsequently, between 1998
and 2000, a substantial number of businesses in the United States and Western
Europe developed rudimentary web sites.
Internet:
The Internet is a collection of wires, protocols and hardware that allows the
electronic transmission of data over TCP/IP. The Internet forms a global network of
computers that can share data and programs. The computers are connected through a
series of LANs and WANs and transfer data through the communication rules set forth by
TCP/IP.
TCP -> Software that ensures the safe and reliable transfer of the data.
IP -> Software that sets the rules for data transfer over a network.
11. Define WWW and Advantages of E-Commerce?
Advantages of E-Commerce:
UNIT – II
(SECURITY TECHNOLOGIES)
PART – B
A computer that delivers (serves up) Web pages. Every Web server has an IP
address and possibly a domain name. For example, if you enter the URL
http://www.pcwebopedia.com/index.html in your browser, this sends a request to the
server whose domain name is pcwebopedia.com. The server then fetches the page
named index.html and sends it to your browser.
Network that does not establish a dedicated path through the network for
the duration of a session, opting instead to transmit data in units called packets
in a connectionless manner. Data streams are broken into packets at the front
end of a transmission, sent over the best available network connection, and
then reassembled in their original order at the destination endpoint.
In computer science, a software agent is a piece of software that acts for a user
or other program in a relationship of agency.
4. Define DNS.
(1) Short for Domain Name System (or Service or Server), an Internet service that
translates domain names into IP addresses. Because domain names are alphabetic,
they're easier to remember. The Internet however, is really based on IP addresses.
Every time you use a domain name, therefore, a DNS service must translate the name
into the corresponding IP address. For example, the domain name www.example.com
might translate to 198.105.232.4.
The concept of an agent has become important in both Artificial Intelligence (AI)
and mainstream computer science. Our aim in this paper is to point the reader at
what we perceive to be the most important theoretical and practical issues associated
with the design and construction of intelligent agents.
Markup language is a set of codes or tags that surrounds content and tells a
person or program what that content is (its structure) and/or what it should look like
(its format). Markup tags have a distinct syntax that sets them apart from the content
that they surround.
a. Confidentiality
b. Authenticity
c. Integrity
Some serious risks arise when you transmit data across the Internet.
PART – B
1. Explain Internet?
The Internet is a collection of wires, protocols and hardware that allows the
electronic transmission of data over TCP/IP. The Internet forms a global network of
computers that can share data and programs. The computers are connected through a
series of LANs and WANs and transfer data through the communication rules set forth by
TCP/IP.
TCP -> Software that ensures the safe and reliable transfer of the data.
IP -> Software that sets the rules for data transfer over a network.
The hacker who stole 20,000 credit card numbers did not exploit any weakness
in the internet protocols; he exploited the weakness in the security of the
computer where those numbers were stored.
There are some serious risks when you transmit data across the Internet.
• A Bigger Risk
1. Password
The bottom line is that the Internet is a public network, and anyone
concerned with transmission security needs to approach the Internet in the same way
one would approach communicating by any other public means. Internet
communications are functionally equivalent (at least as far as security goes) to
communicating in a public hall. Conversations between you and your neighbor can be
overheard by anyone who wants to eavesdrop; if you want to talk to someone at the
opposite end of the hall, you’ve got to rely on intermediaries to carry the message
between you.
Security Concerns:
1. Confidentiality
2. Authenticity
3. Integrity
2. Explain Cryptography?
Plaintext -> Encrypt -> Cipher text -> (network) -> Cipher text -> Decrypt -> Plaintext
Keys are used to convert plaintext into cipher text.
1. Symmetric key / Private key: the same key is shared between sender and
receiver (for both encryption and decryption).
Sender (Plaintext) -> Encrypt (using private key) -> Cipher text
| (across the network)
Cipher text -> Decrypt (using same key) -> (Plaintext) Receiver
2. Asymmetric key / Public key: two keys are used. One key is used for
encryption (public key) and one key is used for decryption (private key).
a. Transposition text.
b. Substitution text.
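The two classical techniques named in the list above, run through the shared-key flow (sender encrypts, receiver decrypts with the same key), as an added example that is not part of the original study material. The keyed-alphabet substitution, the columnar transposition and all function names are this example's own choices; both ciphers are for study only.

```python
import string

ALPHABET = string.ascii_uppercase

def keyed_alphabet(key):
    """Cipher alphabet: the key's letters first (repeats dropped), then the rest of A-Z."""
    letters = []
    for ch in key.upper() + ALPHABET:
        if ch in ALPHABET and ch not in letters:
            letters.append(ch)
    return "".join(letters)

def substitution_encrypt(plaintext, key):
    """Replace each letter with its partner in the keyed alphabet; positions stay put."""
    return plaintext.upper().translate(str.maketrans(ALPHABET, keyed_alphabet(key)))

def substitution_decrypt(ciphertext, key):
    """Apply the inverse letter mapping."""
    return ciphertext.translate(str.maketrans(keyed_alphabet(key), ALPHABET))

def column_order(key):
    """Columns are read out in alphabetical order of the key's letters (ties: left first)."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def transposition_encrypt(plaintext, key):
    """Write the text in rows under the key, then read it out column by column."""
    return "".join(plaintext[c::len(key)] for c in column_order(key))

def transposition_decrypt(ciphertext, key):
    """Refill the columns in read-out order; the last row may be incomplete."""
    width = len(key)
    full_rows, extra = divmod(len(ciphertext), width)
    grid = [""] * len(ciphertext)
    pos = 0
    for c in column_order(key):
        height = full_rows + (1 if c < extra else 0)
        grid[c::width] = ciphertext[pos:pos + height]
        pos += height
    return "".join(grid)

def send_and_receive(message, key):
    """Sender encrypts, ciphertext crosses the network, receiver decrypts with the same key."""
    results = {}
    for name, enc, dec in (
        ("substitution", substitution_encrypt, substitution_decrypt),
        ("transposition", transposition_encrypt, transposition_decrypt),
    ):
        ciphertext = enc(message, key)
        results[name] = (ciphertext, dec(ciphertext, key))
    return results

if __name__ == "__main__":
    MESSAGE = "PAY BOB 500 RUPEES"  # constructed sample message
    for name, (ct, pt) in send_and_receive(MESSAGE, "SECRET").items():
        print(f"{name:13} {ct!r} -> {pt!r}")
```

Substitution changes the letters but leaves each one in place; transposition keeps the letters and moves them, so its ciphertext has exactly the same letter counts as the plaintext.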
a. Encryption
b. Digital Signature
c. Nonrepudiation and Message Integrity
Even though we have several encryption methods there are some intruders are
The preceding discussion about private and public key cryptography has avoided
the issue of how to manage key distribution. As with all the other aspects of
cryptography, there are well known problems pertaining to secure and reliable key
distribution. To illustrate, a simple scenario:
• Bob and Alice are two acquaintances who communicate by e-mail on occasion.
• Evil Robert, impersonating Bob, sends a forged piece of e-mail to Alice,
requesting a secure communication channel using public key encryption.
• Included in this forged message is Evil Robert’s public key (which he represents
as Bob’s public key).
• Alice receives the message and encrypts a reply using what she believes to be
Bob’s public key (but which is actually Evil Robert’s public key).
• Evil Robert receives the message, decrypts it with his own secret key, and is
able to communicate with Alice while pretending to be Bob.
Of course, this scenario can be easily defeated if Alice could somehow verify that the
public key matches the person who sends it.
Data Encryption Standard:
DES operates on 64-bit blocks with a 56-bit secret key. Designed for hardware
implementation, its operation is relatively fast and works well for large bulk
documents or encryption. Instead of defining just one encryption algorithm, DES
defines a whole family of them. With a few exceptions, a different algorithm is
generated for each secret key. This means that everybody can be told about the
algorithm and your message will still be secure. You just need to tell others your
secret key, a number less than 2^56. The number 2^56 is also large enough to make it
difficult to break the code using a brute force attack (trying to break the cipher by
using all possible keys).
DES has withstood the test of time. Despite the fact that its algorithm is well
known, it is impossible to break the cipher without using a tremendous amount of
computing power. A new technique for improving the security of DES is triple
encryption (Triple DES), that is, encrypting each message block using three different
keys in succession. Triple DES, thought to be equivalent to doubling the key size of
DES to 112 bits, should prevent decryption by a third party capable of single-key
exhaustive search (mh81). Of course, using triple encryption takes three times as
long as single-encryption DES. If you use DES three times on the same message with
different secret keys, it is virtually impossible to break it using existing algorithms.
Over the past few years several new, faster symmetric algorithms have been
developed, but DES remains the most frequently used.
With the wider application of public key cryptography for the purpose of commerce,
mechanisms for the trusted publication and distribution of public keys are necessary.
Simply having a merchant (or customer) send a copy of a public key will not do, since
a forger could send her own public key while pretending to be someone else.
5. Explain FireWall ?
Non-repudiation
DES is now considered to be insecure for many applications. This is chiefly due to the
56-bit key size being too small; in January, 1999, distributed.net and the Electronic
Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15
minutes (see chronology). There are also some analytical results which demonstrate
theoretical weaknesses in the cipher, although they are infeasible to mount in
practice. The algorithm is believed to be practically secure in the form of Triple DES,
although there are theoretical attacks. In recent years, the cipher has been
superseded by the Advanced Encryption Standard (AES).
In some documentation, a distinction is made between DES as a standard and DES the
algorithm which is referred to as the DEA (the Data Encryption Algorithm). When
spoken, "DES" is either spelled out (IPA: /diː iː ɛs/) as an abbreviation or pronounced
as a single syllable (IPA: /dɛs/) acronym.
History of DES
The origins of DES go back to the early 1970s. In 1972, after concluding a study on
the US government's computer security needs, the US standards body NBS (National
Bureau of Standards) — now named NIST (National Institute of Standards and
Technology) — identified a need for a government-wide standard for encrypting
unclassified, sensitive information. Accordingly, on 15 May 1973, after consulting with
the NSA, NBS solicited proposals for a cipher that would meet rigorous design criteria.
None of the submissions, however, turned out to be suitable. A second request was
issued on 27 August 1974. This time, IBM submitted a candidate which was deemed
acceptable — a cipher developed during the period 1973–1974 based on an earlier
algorithm, Horst Feistel's Lucifer cipher. The team at IBM involved in cipher design
and analysis included Feistel, Walter Tuchman, Don Coppersmith, Alan Konheim, Carl
Meyer, Mike Matyas, Roy Adler, Edna Grossman, Bill Notz, Lynn Smith, and Bryant
Tuckerman.
"In the development of DES, NSA convinced IBM that a reduced key size was
sufficient; indirectly assisted in the development of the S-box structures; and certified
that the final DES algorithm was, to the best of their knowledge, free from any
statistical or mathematical weakness."[2]
"NSA did not tamper with the design of the algorithm in any way. IBM invented
and designed the algorithm, made all pertinent decisions regarding it, and concurred
that the agreed upon key size was more than adequate for all commercial applications
for which the DES was intended."[3]
Another member of the DES team, Walter Tuchman, is quoted as saying, "We
developed the DES algorithm entirely within IBM using IBMers. The NSA did not dictate
a single wire!"[4]
Some of the suspicions about hidden weaknesses in the S-boxes were allayed in
1990, with the independent discovery and open publication by Eli Biham and Adi
Shamir of differential cryptanalysis, a general method for breaking block ciphers. The
S-boxes of DES were much more resistant to the attack than if they had been chosen
at random, strongly suggesting that IBM knew about the technique back in the 1970s.
This was indeed the case — in 1994, Don Coppersmith published the original design
criteria for the S-boxes. According to Steven Levy, IBM Watson researchers discovered
differential cryptanalytic attacks in 1974 and were asked by the NSA to keep the
technique secret.[5] Coppersmith explains IBM's secrecy decision by saying, "that was
because [differential cryptanalysis] can be a very powerful tool, used against many
schemes, and there was concern that such information in the public domain could
adversely affect national security." Levy quotes Walter Tuchman: "[t]hey asked us to
stamp all our documents confidential... We actually put a number on each one and
locked them up in safes, because they were considered U.S. government classified.
They said do it. So I did it".[6] Shamir himself commented, "I would say that, contrary
to what some people believe, there is no evidence of tampering with the DES so that
the basic design was weakened."
The other criticism — that the key length was too short — was supported by the
fact that the reason given by the NSA for reducing the key length from 64 bits to 56
was that the other 8 bits could serve as parity bits, which seemed somewhat
specious. It was widely believed that NSA's decision was motivated by the
possibility that they would be able to brute force attack a 56 bit key several years
before the rest of the world would.
Another theoretical attack, linear cryptanalysis, was published in 1994, but it was a
brute force attack in 1998 that demonstrated that DES could be attacked very
practically, and highlighted the need for a replacement algorithm. These and other
methods of cryptanalysis are discussed in more detail later in the article.
The introduction of DES is considered to have been a catalyst for the academic study
of cryptography, particularly of methods to crack block ciphers. According to a NIST
retrospective about DES,
The DES can be said to have "jump started" the nonmilitary study and development
of encryption algorithms. In the 1970s there were very few cryptographers, except for
those in military or intelligence organizations, and little academic study of
cryptography. There are now many active academic cryptologists, mathematics
departments with strong programs in cryptography, and commercial information
security companies and consultants. A generation of cryptanalysts has cut its teeth
analyzing (that is trying to "crack") the DES algorithm. In the words of cryptographer
Bruce Schneier [9],[8] "DES did more to galvanize the field of cryptanalysis than
anything else. Now there was an algorithm to study." An astonishing share of the open
literature in cryptography in the 1970s and 1980s dealt with the DES, and the DES is
the standard against which every symmetric key algorithm since has been compared.
[9]
Chronology
Date          Year   Event
15 May        1973   NBS publishes a first request for a standard encryption algorithm
27 August     1974   NBS publishes a second request for encryption algorithms
17 March      1975   DES is published in the Federal Register for comment
August        1976   First workshop on DES
September     1976   Second workshop, discussing mathematical foundation of DES
November      1976   DES is approved as a standard
15 January    1977   DES is published as a FIPS standard FIPS PUB 46
              1983   DES is reaffirmed for the first time
              1986   Videocipher II, a TV satellite scrambling system based upon DES begins use by HBO
22 January    1988   DES is reaffirmed for the second time as FIPS 46-1, superseding FIPS PUB 46
July          1990   Biham and Shamir rediscover differential cryptanalysis, and apply it to a 15-round DES-like cryptosystem.
              1992   Biham and Shamir report the first theoretical attack with less complexity than brute force: differential cryptanalysis. However, it requires an unrealistic 2^47 chosen plaintexts.
30 December   1993   DES is reaffirmed for the third time as FIPS 46-2
June          1997   The DESCHALL Project breaks a message encrypted with DES for the first time in public.
July          1998   The EFF's DES cracker (Deep Crack) breaks a DES key in 56 hours.
January       1999   Together, Deep Crack and distributed.net break a DES key in 22 hours and 15 minutes.
25 October    1999   DES is reaffirmed for the fourth time as FIPS 46-3, which specifies the preferred use of Triple DES, with single DES permitted only in legacy systems.
26 November   2001   The Advanced Encryption Standard is published in FIPS 197
26 May        2002   The AES standard becomes effective
19 May        2005   NIST withdraws FIPS 46-3 (see Federal Register vol 70, number 96)
15 March      2007   The FPGA based parallel machine COPACOBANA of the University of Bochum and Kiel, Germany, breaks DES in 6.4 days at $10,000 hardware cost
In this chapter, we refer to the combined problem of key distribution and secure
communications establishment as the security bootstrapping problem, or simply the
bootstrapping problem. A bootstrapping protocol must not only enable a newly
deployed sensor network to initiate a secure infrastructure, but it must also allow
nodes deployed at a later time to join the network securely. This is a challenging
problem due to the many limitations of sensor network hardware and software.
• A key generation algorithm that selects a private key uniformly at random from
a set of possible private keys. The algorithm outputs the private key and a
corresponding public key.
• A signing algorithm which, given a message and a private key, produces a
signature.
• A signature verifying algorithm which, given a message, public key and a
signature, either accepts or rejects.
Two main properties are required. First, a signature generated from a fixed message
and fixed private key should verify on that message and the corresponding public key.
Secondly, it should be computationally infeasible to generate a valid signature for a
party who does not possess the private key.
Below are some common reasons for applying a digital signature to communications:
Authentication
Although messages may often include information about the entity sending a
message, that information may not be accurate. Digital signatures can be used to
authenticate the source of messages. When ownership of a digital signature secret
key is bound to a specific user, a valid signature shows that the message was sent by
that user. The importance of high confidence in sender authenticity is especially
obvious in a financial context. For example, suppose a bank's branch office sends
instructions to the central office requesting a change in the balance of an account. If
the central office is not convinced that such a message is truly sent from an
authorized source, acting on such a request could be a grave mistake.
Integrity
In many scenarios, the sender and receiver of a message may have a need for
confidence that the message has not been altered during transmission. Although
encryption hides the contents of a message, it may be possible to change an
encrypted message without understanding it. (Some encryption algorithms, known as
nonmalleable ones, prevent this, but others do not.) However, if a message is digitally
signed, any change in the message will invalidate the signature. Furthermore, there is
no efficient way to modify a message and its signature to produce a new message
with a valid signature, because this is still considered to be computationally infeasible
by most cryptographic hash functions (see collision resistance).
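The three signature algorithms and two required properties listed above, together with the key-distribution problem from the Bob, Alice and Evil Robert scenario earlier in these notes, worked through as an added example that is not part of the original study material. It assumes textbook RSA over a SHA-256 digest and a hypothetical trusted authority that signs name-to-key bindings; the 512-bit modulus and the absence of padding suit study only, and all function names are this example's own.

```python
import hashlib
import json
import math
import secrets

E = 65537  # public exponent chosen for this example

def is_probable_prime(n, rounds=24):
    """Miller-Rabin test; error probability at most 4**-rounds."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    """Draw random odd candidates with the top bit set until one is prime."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate

def generate_keypair(bits=512):
    """Key generation: returns (private_key, public_key) as (n, d) and (n, e)."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(E, phi) == 1:
            n = p * q
            return (n, pow(E, -1, phi)), (n, E)

def digest(message, n):
    """SHA-256 of the message as an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    """Signing: only the holder of d can compute this value."""
    n, d = private_key
    return pow(digest(message, n), d, n)

def verify(message, signature, public_key):
    """Verification: accept only if signature**e mod n equals the message digest."""
    n, e = public_key
    return 0 <= signature < n and pow(signature, e, n) == digest(message, n)

def binding(name, public_key):
    """Unambiguous byte encoding of 'this public key belongs to this name'."""
    return json.dumps([name, list(public_key)]).encode()

def certify(authority_private, name, public_key):
    """The trusted authority signs the name-to-key binding."""
    return sign(binding(name, public_key), authority_private)

def key_belongs_to(name, public_key, certificate, authority_public):
    """Alice's check before she trusts a key that claims to be `name`'s."""
    return verify(binding(name, public_key), certificate, authority_public)

def demo():
    authority_priv, authority_pub = generate_keypair()
    bob_priv, bob_pub = generate_keypair()
    _, robert_pub = generate_keypair()  # Evil Robert's own key pair

    order = b"branch 12: credit account 1001 with 500.00"  # constructed sample
    sig = sign(order, bob_priv)
    bob_cert = certify(authority_priv, "Bob", bob_pub)
    return {
        "genuine message accepted": verify(order, sig, bob_pub),
        "altered message rejected":
            not verify(order.replace(b"500", b"900"), sig, bob_pub),
        "wrong public key rejected": not verify(order, sig, robert_pub),
        "Bob's certified key accepted":
            key_belongs_to("Bob", bob_pub, bob_cert, authority_pub),
        "Robert's key posing as Bob's rejected":
            not key_belongs_to("Bob", robert_pub, bob_cert, authority_pub),
    }

if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {passed}")
```

Alice needs only the authority's public key in advance; every other key arrives with a certificate she can check herself.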
Despite their usefulness, digital signatures alone do not solve the following problems:
Digital signature algorithms and protocols do not inherently provide certainty about
the date and time at which the underlying document was signed. The signer might
have included a time stamp with the signature, or the document itself might have a
date mentioned on it. Regardless of the document's contents, a reader cannot be
certain the signer did not, for example, backdate the date or time of the signature.
Such misuse can be made impracticable by using trusted time stamping in addition to
digital signatures.
c. Non-repudiation
Secure Electronic Transaction (SET) is a standard protocol for securing credit card
transactions over insecure networks, specifically, the Internet. SET is not itself a
payment system, but rather a set of security protocols and formats that enables users
to employ the existing credit card payment infrastructure on an open network in a
secure fashion.
Micropayments are a means for transferring very small amounts of money, in
situations where collecting such small amounts of money with the usual payment
systems is impractical, or very expensive, in terms of the amount of money being
collected. "Micropayment" originally meant 1/1000th of a US dollar,[1][2] meaning a
payment system that could efficiently handle payments at least as small as a mill, but
now is often defined to mean payments too small to be affordably processed by credit
card or other electronic transaction processing mechanism. The use of micropayments
may be called Microcommerce.
3. What is the difference between B2B and B2C websites?
B2C websites are intermediary portals to link customers to suppliers. Some of the
major ones are eBay, an auction site; Yell, an internet version of the yellow pages; and
ZDNet, a technology marketplace. All of these businesses exist primarily on the
internet. They are what is known as e-businesses (electronic businesses). All of them
can be classified under one general heading, market places.
B2C concerns itself with selling to the end user. Typically these are sites like
Amazon, online book retailers, lastminute.com, a "good times" portal. These sites are
more interested in passing the goods to the end user. There is likely a slight
difference between them and your business. They are actually internet based. That is
to say they exist primarily on the internet. Offices and warehousing are borne from
necessity of their internet success.
6. What is Offline?
1. Echeck
2. ECash
3. Credit and Debit Cards
4. Digital Wallet
5. Smart Cards
a. ICVERIFY
b. Authorize.Net
c. Cybercash
10. What are Protocols for the public transport of private information (or)
Security Protocols?
Before discussing SET, a few credit card processing definitions are in order.
These terms are used throughout the SET document.
Cardholder: The consumer, customer, you!
Issuer: The bank that issued you a credit card.
Merchant: The party from whom you are buying goods and services.
It is also important to point out that MasterCard and Visa are associations with
banks comprising the membership.
PART – B
1. Echeck
2. ECash
3. Credit and Debit Cards
4. Digital Wallet
5. Smart Cards
1. ICVERIFY
2. Authorize.Net
3. Cybercash
Definition: SHTTP:
Cards:
Credit Cards
Credit Card is a card which allows a person to purchase goods and services on
borrowed money. It helps to purchase something without having to pay for it
immediately, instead the company or organization, issuing the credit card, makes the
payment on behalf of the customer but the customer is liable to pay the same to the
issuer of the card within a definite period of time which may vary depending upon the
credit card type and the issuing company. Thus, Credit Cards give financial flexibility
to the consumers.
In the year 1956 California's Bank of America first introduced credit cards to the
general mass. Some of the big vendors of credit cards are VISA, MasterCard and many
more.
Generally, the interest rates charged by the credit card companies on the
outstanding payable amount are higher than those of most popular loans. But customers
are exempted from paying interest when they pay the full outstanding
payable amount to the card issuer within a month.
The rate of interest on credit cards varies from card to card. The rate generally
increases with an increase in a customer's outstanding payable amount.
Severe competition has led the credit card issuing companies to offer a variety of
incentives to the consumers, ranging from cash back to special incentives for frequent
users to gift certificates.
There are many credit cards which offer credit at low or nil interest rates. But
in such cases the time period of low interest rates is fixed (usually from 6 months to
1 year), after which the rate rises considerably.
Hence, Credit Cards have become a part and parcel of the modern life which
gives financial flexibility to the consumers.
If you are a new business with an untested product range, consider using a third
party credit card processor while you test the waters, which will incorporate a
payment gateway with a merchant account.
Many of these services will also incorporate a shopping cart application as part
of the deal (see links at the end of this article). These services may appear to cost
more, but they can save you from expensive long term contracts and initial outlay on
shopping cart applications.
If you intend using a third party credit card processor that combines gateway
services with a merchant account, added to the points already mentioned, ensure you
also check on monthly gateway fees, AVS costs, and any other added fraud protection
you wish to implement.
Third Party Credit Card Processors
Can't afford a merchant account right now? Check out these 3rd party credit card
processing companies.
Instead of you paying transaction fees, monthly statement fees, etc., they take a
percentage of your product's cost (usually 3% to 15%). 3rd party processing is a great
option for non-US businesses.
The hidden costs are in time and ease-of-use. Observe that:
Several of the service bureaus don't remit receipts immediately to the merchant.
There is a delay of several weeks.
None of the service bureau solutions nor PayPal allow the merchant access to
the customer's credit card number.
PayPal's shopping cart is pretty rudimentary, figuring shipping only crudely and taxes
not at all.
CCNow's shopping cart is better than PayPal's, but their shipping calculation is
crude. Since they are a Delaware corporation, state sales tax need not be calculated.
For example, a simple “purchase button” can be placed on your Web site. Once
a visitor decides to make a purchase, all they have to do is click on the button and
submit their information. That button sends the request to PayPal's back end where it
processes the entire transaction for you. And if your business sells multiple products
and services, PayPal can even provide you with a shopping cart solution free of
charge.
You can set the suggested retail price for your product. Each time we sell your
product, we pay you (and the affiliate, if any) that retail price less $1 + 7.5%.
ClickBank has a one-time $49.95 activation fee, and no monthly fees.
Basic Requirements
ClickBank only lists specific types of products. All products must be:
Deliverable entirely over the internet via web pages, downloadable files, or
email.
Backed by appropriate technical support pages, written in English, and hosted at your
own web site.
Fully compliant with US law, including FTC Advertising Rules and Disclosure
Rules.
Digibuy
Digibuy is an electronic commerce solution for publishers of software,
shareware, electronic art, information, and data.
Using DigiBuy's turnkey service, you can quickly and inexpensively build a
secure storefront to merchandise your products, take orders online, process
payments, and distribute digital products over the Internet.
Take a look at DigiBuy's features. We also offer a service for college students
and faculty looking to start their own digital business.
iBill Complete: As your merchant, iBill handles all banking, risk management,
affiliate management and customer service issues for clients selling products and
services on the Internet.
CCNow
Are you an independent business with great products to sell? Let CCNow assist
you in selling online so that you have the time to manage the rest of your business.
CCNow is the perfect low cost solution to selling your products online. Learn how
CCNow helps businesses find customers online.
4. What is E-Cash?
E-Cash represents several different types of products. This section explores the
different types of e-cash products and how each functions. The pros and cons of
e-cash versus competing products are also examined.
While many different companies are rushing to offer digital money products,
currently e-cash is represented by two models. One is the on-line form of
e-cash (introduced by DigiCash) which allows for the completion of all types of internet
transactions. The other form is off-line; essentially a digitally encoded card that could
be used for many of the same transactions as cash. This off-line version (which also
has on-line capabilities) is being tested by Mondex in partnership with various banks.
The reality of E-cash is only slightly more complicated, and these complications
make the transactions both secure and private. The user downloads electronic money
from his bank account using special software and stores the E-cash on his local hard
drive. To pay a WWW merchant electronically, the E-cash user goes through the
software to pay the desired amount from the E-cash "wallet" to the merchant's local
hard drive ("wallet") after passing the transaction through an E-cash bank for
authenticity verification. The merchant can then pay its bills/payroll with this E-cash or
upload it to the merchant's hard currency bank account. The E-cash company makes
money on each transaction from the merchant (this fee is very small, however) and
from royalties paid by banks which provide customers with E-cash software/hardware
for a small monthly fee. Transactions between individuals would not be subject to a
fee.
E-cash truly globalizes the economy, since the user can download money into
his cyber-wallet in any currency desired. A merchant can accept any currency and
convert it to local currency when the cybercash is uploaded to the bank account.
To the extent a user wants E-cash off-line, all that is necessary is smart card
technology. The money is loaded onto the smartcard, and special electronic wallets
are used to offload the money onto other smartcards or directly to an on-line system.
Smartcards have been used successfully in other countries for such transactions as
phone calls for a number of years. The money could also be removed from a
smartcard and returned to a bank account. Visa is developing a related product, the
stored value card. This card comes in a variety of denominations, but functions more
like a debit card than E-cash.
There are several aspects to security when dealing with E-cash. The first issue is
the security of the transaction. How does one know that the E-cash is valid?
Encryption and special serial numbers are supposed to allow the issuing bank to verify
(quickly) the authenticity of E-cash. These methods are susceptible to hackers, just as
paper currency can be counterfeited. However, promoters of E-cash point out that the
encryption methods used for electronic money are the same as those used to protect
nuclear weapon systems. The encryption security has to also extend to the smartcard
chips to ensure that they are tamper resistant. While it is feasible that a system wide
breach could occur, it is highly unlikely. Just as the Federal Government keeps a step
ahead of the counterfeiters, cryptography stays a step ahead of hackers.
The ultimate area of security is faith in the currency. This, however, would still
be the responsibility of the Federal Government on a systemic basis. Essentially, the
E-cash is merely a representation of hard currency on deposit at banks. Thus, faith in
the system should not falter.
E-Cash Privacy
DigiCash claims it has developed a system that provides privacy for the user
without sacrificing security for the receiver. If a system is completely private, the
merchant has no way of verifying the validity of the electronic money. The user would
also be unable to have a receipt for the transaction. However, DigiCash utilizes a one-
sided signature. Basically, the user keeps record of payments made, but the merchant
only receives enough information to allow his bank to verify the authenticity of the E-
cash.
This signature process is also supposed to deter the criminal element of cash
transactions. Since a record of the transaction is created and kept (by the payee),
extortion, bribes, or other illegal transactions should occur less frequently.
E-Cash Regulation
A new medium of exchange presents new challenges to existing
laws. Largely, the laws and systems used to regulate paper currency are
insufficient to govern digital money.
The legal challenges of E-cash entail concerns over taxes and currency issuers.
In addition, consumer liability from bank cards will also have to be addressed
(currently $50 for credit cards). E-cash removes the intermediary from currency
transactions, but this also removes much of the regulation of the currency in the
current system.
Definition
b. Download the wallet form from the website and fill out the personal information
such as credit number, phone number, and address. By filling out the details once,
personal information will be completed automatically when customers click the E-
wallet when purchasing in the future.
d. When customers are ready to buy, one way is to click the E-wallet button to
execute the process; or drag information out of the wallet and drop it into the online
form.
Cooperating companies
Other on-line merchants who use e-wallet mode and support ECML include
1800-Batteries, Beyond.com, Dell Computer, Fashion.com, Healthshop.com,
Nordstrom, Omaha Steaks, and Reel.com (Casselman, 2000).
Jupiter Communications report that 27% of online buyers abandon orders before
checking out because of the hassle of filling out forms (Graphic Arts Monthly, 1999). E-
wallet shortens and simplifies the process of repeatedly filling out detailed
information, in a safe environment. Customers not only save time but also have
control of personal data by being able to drag the proper card from the E-wallet pop-
up screen (Quinton, 1999:32).
However, the drawback is that users must download the wallet form and
software; after the download is complete, the wallet is installed as a plug-in or ActiveX
control within a browser, which must also be installed (Kerstetter,
1998:10).
Due to the popularity of the mobile phone, mobile phone bill payments will
predictably increase in the future. In Scandinavian countries such as Finland and
Sweden, it is estimated that over 60% of the population has mobile phones and already
has wireless mobile devices to pay for everyday purchases (Rayport and Jaworski,
2002:567).
EWallet Definition
eWallet is a system that stores a customer's data for easy retrieval for online
purchases. Since completing forms as part of an e-tail transaction can be a reason for
aborting a transaction, an eWallet service can reduce this inconvenience for the
consumer.
While electronic money has been an interesting problem for cryptography (see
for example the work of David Chaum and Markus Jakobsson), to date, use of digital
cash has been relatively low-scale. One rare success has been Hong Kong's Octopus
card system, which started as a transit payment system and has grown into a widely
used electronic cash system. Another success is Canada's Interac network, which in
2000 at retail (in Canada) surpassed cash [1] as a payment method. Singapore also
has an electronic money implementation for its public transportation system
(commuter trains, bus, etc), which is very similar to Hong Kong's Octopus card and
based on the same type of card (FeliCa).
Alternative systems
Many systems will sell their electronic currency directly to the end user, such as
Paypal and WebMoney, but other systems, such as e-gold, sell only through third
party digital currency exchangers.
In the case of Octopus Card in Hong Kong, deposits work similarly to banks'.
After Octopus Card Limited receives money for deposit from users, the money is
deposited into banks, which is similar to debit-card-issuing banks redepositing money
at central banks.
Some community currencies, like some LETS systems, work with electronic
transactions. Cyclos Software allows creation of electronic community currencies.
Various companies now sell VISA, Mastercard or Maestro debit cards, which can
be recharged via electronic money systems. This system has the advantage of greater
privacy if a card provider is located offshore, and greater security since the client can
never be debited more than the value on the prepaid card. Such debit cards are also
useful for people who do not have a bank account. Generally cards can be recharged
with either e-gold, e-Bullion, WebMoney, or via a wire transfer.
Advantages
Most money in today’s world is electronic, and tangible cash is becoming less
frequent. With the introduction of internet / online banking, debit cards, online bill
payments and internet business, paper money is becoming a thing of the past.
Banks now offer many services whereby a customer can transfer funds,
purchase stocks, contribute to their retirement plans (such as Canadian RRSP) and
offer a variety of other services without having to handle physical cash or cheques.
Customers do not have to wait in lines; this provides a lower-hassle environment.
Debit cards and online bill payments allow immediate transfer of funds from an
individual's personal account to a business's account without any actual paper
transfer of money. This offers a great convenience to many people and businesses
alike.
Disadvantages
Although there are many benefits to digital cash, there are also many
significant disadvantages. These include fraud, failure of technology, possible tracking
of individuals and loss of human interaction.
Fraud over digital cash has been a pressing issue in recent years. Hacking into
bank accounts and illegal retrieval of banking records has led to a widespread
invasion of privacy and has promoted identity theft. [citation needed]
There is also a pressing issue regarding the technology involved in digital cash.
Power failures, loss of records and undependable software often cause a major
setback in promoting the technology. [citation needed]
Privacy questions have also
been raised; there is a fear that the use of debit cards and the like will lead to the
creation by the banking industry of a global tracking system. Some people are
working on anonymous ecash to try to address this issue. The issue of providing
anonymity to users itself introduces more problems, however; there is the distinct
possibility that a fully anonymous digital cash system could permit the "perfect crime"
- i.e., where a criminal uses someone else's electronic cash to make a payment, but
cannot be traced - to occur. For this reason, 'revocable anonymity' is a suggested
solution: a user is fully anonymous until they commit some crime, at which point
authorisation is given for their identity to be revealed. However, critics of this policy
point out that the anonymous users will never be caught and brought to trial (thus their
identity will never be revealed) without tracing. [citation needed]
Future evolution
The main focuses of digital cash development are 1) being able to use it through
a wider range of hardware such as secured credit cards; and 2) linked bank accounts
that would generally be used over an internet means, for exchange with a secure
micropayment system such as in large corporations (PayPal).
SET was developed by VISA and MasterCard (involving other companies such as
GTE, IBM, Microsoft, Netscape, RSA and VeriSign) starting in 1996.
SET is based on X.509 certificates with several extensions. SET uses a blinding
algorithm that, in effect, lets merchants substitute a certificate for a user's credit-card
number. This allows traders to credit funds from clients' credit cards without the need
of the credit card numbers.
SET was heavily publicized in the late 1990s as the credit card approved
standard, but failed to win market share. Reasons for this include:
• Network effect - need to install client software (an e-wallet).
• Cost and complexity for merchants to offer support, and comparatively low cost
and simplicity of the existing, adequate SSL based alternative.
SET was said to become the de facto standard of payment method on the
Internet between the merchants, the buyers, and the credit-card companies. When
SET is used, the merchant itself never has to know the credit-card numbers being sent
from the buyer, which provides a benefit for e-commerce.
People today pay for online purchases by sending their credit card details to the
merchant. A protocol such as SSL or TLS keeps the card details safe from
eavesdroppers, but does nothing to protect merchants from dishonest customers or
vice-versa. SET addresses this situation by requiring cardholders and merchants to
register before they may engage in transactions. A cardholder registers by contacting
a certificate authority, supplying security details and the public half of his proposed
signature key. Registration allows the authorities to vet an applicant, who if approved
receives a certificate confirming that his signature key is valid. All orders and
confirmations bear digital signatures, which provide authentication and could
potentially help to resolve disputes.
A SET purchase involves three parties: the cardholder, the merchant, and the
payment gateway (essentially a bank). The cardholder shares the order information
with the merchant but not with the payment gateway. He shares the payment
information with the bank but not with the merchant. A SET dual signature
accomplishes this partial sharing of information while allowing all parties to confirm
that they are handling the same transaction. The method is simple: each party
receives the hash of the withheld information. The cardholder signs the hashes of
both the order information and the payment information. Each party can confirm that
the hashes in their possession agree with the hash signed by the cardholder. In
addition, the cardholder and merchant compute equivalent hashes for the payment
gateway to compare. He confirms their agreement on the details withheld from him.
All parties are protected. Merchants do not normally have access to credit card
numbers. Moreover, the mere possession of credit card details does not enable a
criminal to make a SET purchase; he needs the cardholder’s signature key and a
secret number that the cardholder receives upon registration. The criminal would
have better luck with traditional frauds, such as ordering by telephone. It is a pity
that other features of SET (presumably demanded by merchants) weaken these
properties. A merchant can be authorized to receive credit card numbers and has the
option of accepting payments given a credit card number alone.
SET is a family of protocols. The five main ones are cardholder registration,
merchant registration, purchase request, payment authorization, and payment
capture. There are many minor protocols, for example to handle errors. SET is
enormously more complicated than SSL, which merely negotiates session keys
between the cardholder’s and merchant’s Internet service providers. Because of this
complexity, much of which is unnecessary, the protocol is hardly used. However, SET
contains many features of interest:
• The model is unusual. In the registration protocols, the initiator possesses no
digital proof of identity. Instead, he authenticates himself by filing a registration form
whose format is not specified. Authentication takes place outside the protocol, when
the cardholder’s bank examines the completed form.
• The dual signature is a novel construction. The partial sharing of information
among three peers leads to unusual protocol goals.
• SET uses several types of digital envelope. A digital envelope consists of two
parts: one, encrypted using a public key, contains a fresh symmetric key K and
identifying information; the other, encrypted using K, conveys the full message text.
Digital envelopes keep public-key encryption to a minimum, but the many symmetric
keys complicate the reasoning. Most verified protocols distribute just one or two
secrets.
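The dual signature described above, worked through as an added example (it is not code from the SET specification or from this study material). The toy RSA key, SHA-256 as the hash, the order in which the two digests are concatenated, and the sample order and payment strings are assumptions made for illustration.

```python
import hashlib
import hmac

# Toy textbook-RSA key for the cardholder (assumption, illustration only):
# the primes are the Mersenne primes 2^61-1 and 2^89-1. A real system uses a
# vetted library, a 2048-bit or larger key and a padded scheme such as RSA-PSS.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)

# Constructed sample data, not taken from the page.
SAMPLE_OI = b"order=3 x widget; ship-to=12 Example Street"
SAMPLE_PI = b"card=PLACEHOLDER-PAN; amount=49.90"


def digest(data: bytes) -> bytes:
    """Message digest; SHA-256 is this example's choice of hash."""
    return hashlib.sha256(data).digest()


def _to_int(h: bytes) -> int:
    # Fold the digest into the toy modulus so it can be signed.
    return int.from_bytes(h, "big") % N


def sign(h: bytes) -> int:
    """Cardholder's private-key operation over a digest."""
    return pow(_to_int(h), D, N)


def verify(h: bytes, signature: int) -> bool:
    """Anyone holding the cardholder's public key (N, E) can run this."""
    return pow(signature, E, N) == _to_int(h)


def make_dual_signature(order_info: bytes, payment_info: bytes) -> dict:
    """Cardholder: hash OI and PI separately, then sign the hash of both digests."""
    oi_md, pi_md = digest(order_info), digest(payment_info)
    return {"oi_md": oi_md, "pi_md": pi_md,
            "dual_sig": sign(digest(pi_md + oi_md))}


def merchant_check(order_info: bytes, pi_md: bytes, dual_sig: int) -> bool:
    """Merchant holds OI in full but only the digest of the withheld PI."""
    return verify(digest(pi_md + digest(order_info)), dual_sig)


def gateway_check(payment_info: bytes, oi_md_cardholder: bytes,
                  oi_md_merchant: bytes, dual_sig: int) -> bool:
    """Gateway holds PI in full, compares the two OI digests it was sent,
    then checks the cardholder's signature over both digests."""
    if not hmac.compare_digest(oi_md_cardholder, oi_md_merchant):
        return False
    return verify(digest(digest(payment_info) + oi_md_cardholder), dual_sig)


if __name__ == "__main__":
    t = make_dual_signature(SAMPLE_OI, SAMPLE_PI)
    # The merchant never sees SAMPLE_PI, the gateway never sees SAMPLE_OI.
    print("merchant accepts:", merchant_check(SAMPLE_OI, t["pi_md"], t["dual_sig"]))
    print("gateway accepts: ", gateway_check(SAMPLE_PI, t["oi_md"],
                                             digest(SAMPLE_OI), t["dual_sig"]))
    print("altered order:   ", merchant_check(SAMPLE_OI + b" x2",
                                             t["pi_md"], t["dual_sig"]))
```

Changing either half of the transaction changes its digest, so the single signature stops verifying for both the merchant and the gateway even though neither sees the other's half.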
Business requirements
Book 1 of the SET specification lists the following business requirements for
secure payment processing with credit cards over the Internet and other networks:
Key features
To meet the business requirements, SET incorporates the following
features:
• Confidentiality of information
• Integrity of data
• Cardholder account authentication
• Merchant authentication
Participants
• Cardholder
• Merchant
• Issuer
• Acquirer
• Payment gateway
• Certification authority
S-HTTP
Define HTTP:
S-HTTP:
Each S-HTTP file is either encrypted, contains a digital certificate, or both. For a
given document, S-HTTP is an alternative to another well-known security protocol,
Secure Sockets Layer (SSL).
S-HTTP does not use any single encryption system, but it does support the
Rivest-Shamir-Adleman public key infrastructure encryption system.
SSL works at a program layer slightly higher than the Transmission Control
Protocol (TCP) level. S-HTTP works at the even higher level of the HTTP application.
Both security protocols can be used by a browser user, but only one can be
used with a given document. Terisa Systems includes both SSL and S-HTTP in their
Internet security tool kits.
A number of popular Web servers support both S-HTTP and SSL. Newer browsers
support both SSL and S-HTTP.
S-HTTP has been submitted to the Internet Engineering Task Force (IETF) for
consideration as a standard. Request for Comments (RFC) 2660
describes S-HTTP in detail.
It means that the data being sent from browser to server or server to browser is
contained within a special S-HTTP chunk of data.
• S-HTTP Explained
o Secure HTTP Header Lines
a. Content Type Identifying the type of content contained within the S-HTTP
message.
Data is requested & delivered across the WWW using HTTP and S-HTTP.
There are two other important protocols (without which the WWW would not exist):
a. URL protocol defining the syntax of web documents and locations.
b. HTML protocol defining the syntax of the documents themselves.
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL),
are cryptographic protocols that provide secure communications on the Internet for
such things as web browsing, e-mail, Internet faxing, instant messaging and other
data transfers. There are slight differences between SSL and TLS, but the protocol
remains substantially the same. The term "TLS" as used here applies to both protocols
unless clarified by context.
This handshake results in the client and server agreeing on the level of security
they will use and fulfilling any authentication requirements for the connection.
This protocol fully encrypts all the information in both the HTTP request and
HTTP response (URL, credit card numbers, username and password) and all the data
returned from the server to the client.
To require SSL to transmit a document, its URL must be defined in the form:
https://www.mcompany.com/secure.html
NOTE:
If the browser implements both the S-HTTP and SSL protocols, it can view S-HTTP,
SSL and HTTP documents. Otherwise it can view only HTTP documents.
It encapsulates the data transmitted between server and the client in an SSL
RECORD. However, the SSL header is only two or three bytes long; it is primarily used
to indicate how much data has been encapsulated and whether that includes data
padding to fill out the SSL record.
Data Padding is often necessary to make sure that the “real” data can be
properly encrypted with certain types of cipher.
An SSL session begins after the TCP session is initiated. SSL uses a handshaking
protocol, with the client and the server exchanging specific pieces of information in
order to build a secure channel for transmitting data.
The very first exchange between client and server is in plain text and contains
enough information for the two systems to initiate an encrypted and authenticated
data stream.
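The two-or-three-byte header and the plain-text first exchange described above match the SSL 2.0 record format, so a network sensor can split a captured stream into records and recognise a legacy SSL 2.0 CLIENT-HELLO without any keys. The parser below is an added example, not code from this study material; the sample stream is constructed and its second record body only stands in for ciphertext.

```python
from dataclasses import dataclass

MSG_CLIENT_HELLO = 1  # SSL 2.0 handshake message type


@dataclass
class Record:
    header_len: int   # 2 or 3 bytes
    is_escape: bool   # only expressible in the 3-byte form
    padding: int      # padding count carried in the third header byte
    body: bytes       # everything the header says was encapsulated


def parse_record(buf: bytes, pos: int = 0):
    """Parse one record starting at buf[pos]; return (Record, next_pos)."""
    if len(buf) - pos < 2:
        raise ValueError("truncated header")
    b0, b1 = buf[pos], buf[pos + 1]
    if b0 & 0x80:
        # High bit set: 2-byte header, 15-bit length, no padding.
        hlen, length, escape, padding = 2, ((b0 & 0x7F) << 8) | b1, False, 0
    else:
        # High bit clear: 3-byte header, 14-bit length, escape flag, padding.
        if len(buf) - pos < 3:
            raise ValueError("truncated header")
        hlen, length = 3, ((b0 & 0x3F) << 8) | b1
        escape, padding = bool(b0 & 0x40), buf[pos + 2]
    end = pos + hlen + length
    if end > len(buf):
        raise ValueError("record body shorter than the header declares")
    if padding > length:
        raise ValueError("padding count exceeds record length")
    return Record(hlen, escape, padding, buf[pos + hlen:end]), end


def split_records(stream: bytes) -> list:
    """Split a byte stream into consecutive SSL 2.0 records."""
    records, pos = [], 0
    while pos < len(stream):
        rec, pos = parse_record(stream, pos)
        records.append(rec)
    return records


def sslv2_client_hello_version(rec: Record):
    """Return (major, minor) if rec is a plain-text SSL 2.0 CLIENT-HELLO, else None."""
    b = rec.body
    if rec.header_len != 2 or len(b) < 9 or b[0] != MSG_CLIENT_HELLO:
        return None
    # Three 16-bit lengths follow the version: cipher specs, session ID, challenge.
    cs, sid, ch = (int.from_bytes(b[i:i + 2], "big") for i in (3, 5, 7))
    if 9 + cs + sid + ch != len(b):
        return None          # lengths do not add up, so not a real hello
    return (b[1], b[2])


def build_sample_stream() -> bytes:
    """Constructed sample: a CLIENT-HELLO record, then a padded 3-byte-header record."""
    cipher_specs = bytes([0x01, 0x00, 0x80])
    challenge = bytes(range(16))
    hello = (bytes([MSG_CLIENT_HELLO, 0x00, 0x02])
             + len(cipher_specs).to_bytes(2, "big") + (0).to_bytes(2, "big")
             + len(challenge).to_bytes(2, "big") + cipher_specs + challenge)
    rec1 = bytes([0x80 | (len(hello) >> 8), len(hello) & 0xFF]) + hello
    body2 = bytes(24)        # placeholder for an encrypted body with 5 bytes of padding
    rec2 = bytes([len(body2) >> 8, len(body2) & 0xFF, 5]) + body2
    return rec1 + rec2


if __name__ == "__main__":
    for r in split_records(build_sample_stream()):
        print(r.header_len, len(r.body), r.padding, sslv2_client_hello_version(r))
```

A hit from `sslv2_client_hello_version` on live traffic points at a client that still offers SSL 2.0, which RFC 6176 prohibits.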
Two messages:
1. client-master-key (encrypted master key)
2. client-finish (connection ID, encrypted)
Two messages:
1. server-verify (encrypted challenge data)
2. server-finish (session ID)
Because HTTP + SSL (https) and http are different protocols and typically reside
on different ports (443 and 80, respectively), the same server system can run both
secure and insecure HTTP servers simultaneously. This means that HTTP can provide
some information to all users using no security, and https can provide information
only securely. For instance, the “store-front” and merchandise catalog could be
insecure and the ordering and payment forms could be secure.
Browsers that do not implement support for HTTP over SSL will not be able to access
https URLs.
UNIT – IV
PART – A
When customers order products electronically, they should not have to make any
choices or special arrangements. Merchants should therefore make the arrangements
for the products they are going to sell via the net, so that customers can order
products with only the basic requirements.
For this purpose, banks and other financial institutions are working with
companies like CyberCash, First Virtual, Netscape, Microsoft and others in an effort to
produce payment systems for consumers and merchants alike.
Consumers can opt to do nothing beyond getting a web browser that supports
the secure exchange of transaction information, using either the SSL or S-HTTP protocol.
a. The merchants must take greater care in setting up to accept electronic payments.
b. For this, they can have someone manage a secure web server and set up shop
there.
c. There are hundreds of “electronic malls” active on the internet on which
merchants can set up their shops.
PART – B
The expectation of consumers from the electronic commerce provider will probably be
• Reliability
• Security
• Simplicity
• Acceptability
Reliability
Consumers have come to rely on their credit cards and charge card companies
not just to extend credit, but to extend protection against:
a. Unscrupulous vendors
b. Thieves
c. Vicissitudes of daily life
Security
These transactions, and the encryption and decryption methods used to secure
them, can be exposed to any number of non-Internet attacks.
Simplicity
Acceptability
Conclusion
The industry is still in the very earliest phase of its infancy and is undergoing
rapid change every day. There are many companies that are involved in the internet
commerce area. Some of them are working together, while others are competing; the
only certainty is that “Things will Change!!!”
First Virtual was one of the first Internet payment systems to be available to the
public, becoming fully operational in October of 1994. A main goal of this company
was to create an Internet payment system that was easy to use. Neither buyers nor
sellers are required to install new software, (though automated sale processing
software is available). If you have access to Internet email, you can sell or buy over
the Internet using the First Virtual System.
The First Virtual payment system is unique in that it does not use encryption. A
fundamental philosophy of their payment system is that certain information should
not travel over the Internet because it is an open network. This includes credit card
numbers. Instead of using credit card numbers, transactions are done using a First
VirtualPIN which references the buyer's First Virtual account. These PIN numbers can
be sent over the Internet because even if they are intercepted, they cannot be used to
charge purchases to the buyer's account. A person's account is never charged without
email verification from them accepting the charge.
The following steps occur during a sale when using the First Virtual payment
system:
Merchant requests buyer's First VirtualPIN (usually through a form on a WWW page).
Merchant can then check whether the VirtualPIN actually belongs to a real First
Virtual account that is in good standing. Merchants can verify accounts by using the
following programs: Finger, Telnet, email, or the FV_API utility.
The merchant then initiates a payment transaction through First Virtual. This
payment transaction is initiated by sending the following information either by email,
Telnet, or a SMXP enabled program to First Virtual;
A buyer can also respond NO, to state that they are unsatisfied with the item
and are unwilling to pay, or FRAUD, to state that they never made the purchase and
someone must have stolen their VirtualPIN.
After a waiting period (91 days after the buyer's credit card has been charged), the
amount of the sale minus transaction fees is directly deposited into the merchant's
account.
Note - The 91 day waiting period is in place to protect First Virtual from buyers who
dispute the charge on their credit card and have the credit card company chargeback
First Virtual for all or part of the sale.
Advantages:
Neither buyer nor seller needs to install any software in order to use the system.
Buyers are virtually 100% protected from fraud. No charges are processed against
their account without their confirmation.
Purchases are essentially anonymous. The merchant is never given the buyer's name
from First Virtual.
First Virtual has very low processing fees compared to other Internet payment
schemes or even straight credit card processing.
Disadvantages:
I strongly urge that anyone interested in learning more about First Virtual visit
their WWW site. It contains detailed descriptions of everything involved plus the forms
necessary for opening an account. They have also recently published a paper
discussing their first year on line, Perils and Pitfalls of Practical CyberCommerce.
3. Explain CyberCash?
In 1995, the company proposed RFC 1898, CyberCash Credit Card Protocol
Version 0.8. The company went public on February 19, 1996 with the symbol "CYCH"
and its shares rose 79% on the first day of trading.
On January 1, 2000, CyberCash fell victim to the Y2K Bug, causing double
recording of credit card payments through their system.
E-com providers are those who make enough preparations or arrangements for
business via the internet. They use the latest and most suitable technologies so that
they can best adapt to the internet business environment.
When customers order products electronically, they should not have to make any
choices or special arrangements. Merchants should therefore make the arrangements
for the products they are going to sell via the net, so that customers can order
products with only the basic requirements.
For this purpose, banks and other financial institutions are working with
companies like CyberCash, First Virtual, Netscape, Microsoft and others in an effort to
produce payment systems for consumers and merchants alike.
Consumer choices:
Consumers can opt to do nothing beyond getting a web browser that supports
the secure exchange of transaction information, using either the SSL or S-HTTP protocol.
a. It lets the customer pay for goods and services by credit card.
b. It protects the transaction from being intercepted.
But this doesn’t protect consumers from dishonest merchants. For that, consumers
must be educated.
Payment is made with credit cards, but there are also problems with these
credit cards.
Merchant Options:
a. The merchants must take greater care in setting up to accept electronic payments.
b. For this, they can have someone manage a secure web server and set up shop
there.
c. There are hundreds of “electronic malls” active on the internet on which
merchants can set up their shops.
• Reliability
• Security
• Simplicity
• Acceptability
Reliability
Consumers have come to rely on their credit cards and charge card companies
not just to extend credit, but to extend protection against
a. Unscrupulous vendors
b. Thieves
c. Vicissitudes of daily life
The same kind of reliability will be expected of electronic commerce providers.
Security
a. This is a very important issue which will never go away.
b. Even if the strongest possible encryption is used to send payment information,
there are still many security holes.
These transactions, and the encryption and decryption methods used to secure
them, can be exposed to any number of non-Internet attacks.
c. The dissatisfied employee with access to payment information.
d. Storage of payment information with insufficient security.
e. Improper disposal of printed material.
Simplicity
a. E-com schemes must be simple to achieve widespread appeal.
b. Consumers prefer to use a single, multipurpose credit card such as Visa or
MasterCard rather than set up credit accounts with every different retailer they
purchase from.
c. The same goes for e-com schemes: if they can be made simple, painless and
even easier than transacting business in person, then they will be successful.
Acceptability
Conclusion
The industry is still in the very earliest phase of its infancy and is undergoing
rapid change every day. There are many companies that are involved in the internet
commerce area. Some of them are working together, while others are competing; the
only certainty is that “Things will Change!!!”
UNIT – V
ONLINE COMMERCE ENVIRONMENTS
PART – A
2. What are Standards?
As more trading partners use the Internet for transmission, standards have
emerged. In 2002, the IETF published RFC 3335, offering a standardized, secure
method of transferring EDI data via e-mail. On July 12th, 2005, an IETF working group
ratified RFC 4130 for MIME-based HTTP EDIINT (aka. AS2) transfers, and is preparing
similar documents for FTP transfers (aka. AS3). While some EDI transmission has
moved to these newer protocols the providers of the value-added networks remain
active.
EDI documents generally contain the same information that would normally be
found in a paper document used for the same organizational function. For example an
EDI 940 ship-from-warehouse order is used by a manufacturer to tell a warehouse to
ship product to a retailer. It typically has a ship to address, bill to address, a list of
product numbers (usually a UPC code) and quantities. It may have other information if
the parties agree to include it. However, EDI is not confined to just business data
related to trade but encompasses all fields such as medicine (e.g., patient records and
laboratory results), transport (e.g., container and modal information), engineering and
construction, etc. In some cases, EDI will be used to create a new business
information flow (that was not a paper flow before). This is the case in the Advanced
Shipment Notification (856) which was designed to inform the receiver of a shipment,
the goods to be received and how the goods are packaged.
All of these standards first appeared in the early to mid 1980s. The standards
prescribe the formats, character sets, and data elements used in the exchange of
business documents and forms. The complete X12 Document List includes all major
business documents, including purchase orders (called "ORDERS" in UN/EDIFACT and
an "850" in X12) and invoices (called "INVOIC" in UN/EDIFACT and an "810" in X12).
The EDI standard says which pieces of information are mandatory for a
particular document, which pieces are optional and give the rules for the structure of
the document. The standards are like building codes. Just as two kitchens can be built
"to code" but look completely different, two EDI documents can follow the same
Organizations that send or receive documents from each other are referred to
as "trading partners" in EDI terminology. The trading partners agree on the specific
information to be transmitted and how it should be used. This is done in human
readable specifications (also called Message Implementation Guidelines). While the
standards are analogous to building codes, the specifications are analogous to blue
prints. (The specification may also be called a mapping but the term mapping is
typically reserved for specific machine readable instructions given to the translation
software.) Larger trading "hubs" have existing Message Implementation Guidelines
which mirror their business processes for processing EDI and they are usually
unwilling to modify their EDI business practices to meet the needs of their trading
partners. Often in a large company these EDI guidelines will be written to be generic
enough to be used by different branches or divisions and therefore will contain
information not needed for a particular business document exchange. For other large
companies, they may create separate EDI guidelines for each branch/division.
Trading partners are free to use any method for the transmission of documents.
In the past one of the more popular methods was the usage of a bisync modem to
communicate through a Value Added Network (VAN). Some organizations have used
direct modem to modem connections and Bulletin Board Systems (BBS), and recently
there has been a move towards using some of the many Internet protocols for
transmission, but most EDI is still transmitted using a VAN. In the healthcare industry,
a VAN is referred to as a "Clearinghouse".
In the most basic form, a VAN acts as a regional post office. They receive
transactions, examine the 'From' and the 'To' information, and route the transaction
to the final recipient. VANs provide a number of additional services, e.g.
retransmitting documents, providing third party audit information, acting as a
gateway for different transmission methods, and handling telecommunications
support. Because of these and other services VANs provide, businesses frequently use
a VAN even when both trading partners are using Internet-based protocols.
Healthcare clearinghouses perform many of the same functions as a VAN, but have
additional legal restrictions that govern protected healthcare information.
PART – B
EDI translation software provides the interface between internal systems and
the EDI format sent/received. For an "inbound" document the EDI solution will receive
the file (either via a Value Added Network or directly using protocols such as FTP or
AS2), take the received EDI file (commonly referred to as a "mailbag"), and validate
that the trading partner who is sending the file is a valid trading partner, that the
structure of the file meets the EDI standards and that the individual fields of
information conform to the agreed upon standards. Typically the translator will either
create a file of fixed length, variable length or XML tagged format, or "print" the
received EDI document (for non-integrated EDI environments). The next step is to
convert/transform the file that the translator creates into a format that can be
imported into a company's back-end business systems or ERP. This can be
accomplished by using a custom program, an integrated proprietary "mapper", or an
integrated standards based graphical "mapper" using a standard data
transformation language such as XSLT. The final step is to import the transformed file
(or database) into the company's back-end enterprise resource planning (ERP) system.
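The inbound checks described above (known trading partner, well-formed structure) can be applied to the X12 envelope before anything reaches the back-end system. The validator below is an added example, not code from any EDI product or from this study material; the partner allowlist, the IDs ACMEMFG and RETAILCO, and the sample 850 interchange are constructed for illustration.

```python
KNOWN_PARTNERS = {"ACMEMFG"}  # constructed allowlist of agreed trading partners


def build_interchange(sender: str = "ACMEMFG", se_count: int = 5) -> str:
    """Build a constructed 850 purchase-order interchange for the demo."""
    isa = "*".join([
        "ISA", "00", " " * 10, "00", " " * 10,
        "ZZ", sender.ljust(15), "ZZ", "RETAILCO".ljust(15),
        "100601", "1200", "U", "00401", "000000101", "0", "T", ">",
    ]) + "~"
    body = [
        f"GS*PO*{sender}*RETAILCO*20100601*1200*1*X*004010",
        "ST*850*0001",
        "BEG*00*SA*PO123**20100601",
        "PO1*1*10*EA*9.95**UP*012345678905",
        "CTT*1",
        f"SE*{se_count}*0001",
        "GE*1*1",
        "IEA*1*000000101",
    ]
    return isa + "~".join(body) + "~"


def _el(seg, n):
    """Element n of a segment, or '' when the segment is too short."""
    return seg[n] if n < len(seg) else ""


def _num(seg, n):
    """Element n as an integer, or -1 when it is missing or not numeric."""
    return int(_el(seg, n)) if _el(seg, n).isdigit() else -1


def validate_interchange(raw: str, partners=KNOWN_PARTNERS) -> list:
    """Return a list of envelope errors; an empty list means 'accept'."""
    if len(raw) < 106 or not raw.startswith("ISA"):
        return ["ISA header missing or shorter than 106 characters"]
    elem_sep, seg_term = raw[3], raw[105]   # delimiters are declared by the ISA
    segments = [s.strip("\r\n").split(elem_sep)
                for s in raw.split(seg_term) if s.strip("\r\n")]
    isa, errors = segments[0], []
    if len(isa) != 17:
        return ["ISA segment does not have 16 elements"]

    # 1. Is the sender a trading partner we have an agreement with?
    sender = isa[6].strip()
    if sender not in partners:
        errors.append(f"sender {sender!r} is not a known trading partner")

    # 2. Does the interchange trailer close the same interchange?
    last = segments[-1]
    if last[0] != "IEA" or _el(last, 2) != isa[13]:
        errors.append("IEA control number does not match ISA13")

    # 3. Do the group and transaction-set trailers agree with what was sent?
    groups, sets_in_group, gs, st_at = 0, 0, None, None
    for i, seg in enumerate(segments[1:], start=1):
        tag = seg[0]
        if tag == "GS":
            groups, sets_in_group, gs = groups + 1, 0, seg
        elif tag == "ST":
            st_at, sets_in_group = i, sets_in_group + 1
        elif tag == "SE":
            if st_at is None:
                errors.append("SE trailer without an open ST")
                continue
            st, actual = segments[st_at], i - st_at + 1
            if _num(seg, 1) != actual:
                errors.append(f"SE01 declares {_el(seg, 1)} segments, found {actual}")
            if _el(seg, 2) != _el(st, 2):
                errors.append("SE02 control number does not match ST02")
            st_at = None
        elif tag == "GE":
            if gs is None or _el(seg, 2) != _el(gs, 6):
                errors.append("GE02 control number does not match GS06")
            if _num(seg, 1) != sets_in_group:
                errors.append("GE01 transaction-set count is wrong")
            gs = None
    if st_at is not None:
        errors.append("ST without a closing SE")
    if _num(last, 1) != groups:
        errors.append("IEA01 functional-group count is wrong")
    return errors


if __name__ == "__main__":
    print(validate_interchange(build_interchange()))
    print(validate_interchange(build_interchange(sender="UNKNOWNCO")))
    print(validate_interchange(build_interchange(se_count=4)))
```

These are envelope checks only; the field-level checks against the agreed implementation guideline, and the business checks on the values themselves, still have to follow before the data is imported.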
For an "outbound" document the process for integrated EDI is to export a file (or
read a database) from a company's back-end ERP and transform the file to the
appropriate format for the translator. The translation software will then "validate" the
EDI file sent to ensure that it meets the standard agreed upon by the trading partners,
convert the file into "EDI" format (adding in the appropriate identifiers and control
structures) and send the file to the trading partner (using the appropriate
communications protocol).
Barriers to implementation
There are a few barriers to adopting electronic data interchange. One of the
most significant barriers is the accompanying business process change. Existing
business processes built around slow paper handling may not be suited for EDI and
would require changes to accommodate automated processing of business
documents. For example, a business may receive the bulk of their goods by 1 or 2 day
shipping and all of their invoices by mail. The existing process may therefore assume
that goods are typically received before the invoice. With EDI, the invoice will typically
be sent when the goods ship and will therefore require a process that handles large
numbers of invoices whose corresponding goods have not yet been received.
Another significant barrier is the cost in time and money in the initial set-up.
The preliminary expenses and time that arise from the implementation, customization
and training can be costly and therefore may discourage some businesses. The key is
to determine what method of integration is right for your company which will
determine the cost of implementation. For a business that only receives one P.O. per
year from a client, fully integrated EDI may not make economic sense. In this case,
businesses may implement inexpensive "rip and read" solutions or use outsourced EDI
solutions provided by EDI "Service Bureaus". For other businesses, the
implementation of an integrated EDI solution may be necessary, as the increase in
trading volumes brought on by EDI forces them to re-implement their order processing
business processes.
The key hindrance to a successful implementation of EDI is the perception many
businesses have of the nature of EDI. Many view EDI from the technical perspective
that EDI is a data format; it would be more accurate to take the business view that
EDI is a system for exchanging business documents with external entities, and
integrating the data from those documents into the company's internal systems.
Successful implementations of EDI take into account the effect externally generated
information will have on their internal systems and validate the business information
received. For example, allowing a supplier to update a retailer's Accounts Payables
system without appropriate checks and balances would be a recipe for disaster.
Businesses new to the implementation of EDI should take pains to avoid such pitfalls.
DESCRIPTION
Integrated Security
Advanced security features are provided using the open SSL protocol, which has
been published on the Internet and adopted by major providers of Internet hardware
and software products, financial institutions, and certification authorities.
• Server authentication, which allows any SSL compatible client to verify the identity
of the server using a certificate and a digital signature.
• Data integrity, which verifies that the contents of a message arrive at their
destination in the same form as they were sent.
SSL employs public key cryptographic technology from RSA Data Security, an
established leader in computer data security, and works with various encryption
algorithms.
Netscape Commerce Server supports public key encryption and delivers server
authentication using signed digital certificates. A digital certificate is used to associate
an identity with a server’s public key. Digital signatures ensure the integrity and
authenticity of information within a certificate. Netscape Commerce Server requires a
signed digital certificate to operate securely;
Encryption Support
Netscape Commerce Server is available in both 40-bit and 128-bit encryption
schemes. The difference between 128- and 40-bit encryption is, most
notably, that the U.S. government restricts the export of 128-bit encryption but not
the export of 40-bit encryption. 128-bit encryption provides significantly greater
cryptographic protection than 40-bit encryption. It is now necessary to employ larger
keys to counter the increasing computing power of potential criminals.
128 bits and 40 bits refer to the size of the key used to encrypt the message. 128-bit
encryption is roughly
Note: Netscape products use a different key for every different security-enhanced
communication, regardless of key size. This means that even if criminals were to
devote significant resources and time to breaking a key for one encrypted
communication, the discovered key would be useless for other communications.
Please note that this product is subject to export restrictions under the U.S.
Department of Commerce’s Export Administration Regulations (EAR) and cannot be
transmitted in any form outside the United States or to a foreign national in the United
States without a valid Department of Commerce export license.
Open Standards
Configuration, and maintenance. Forms are used for the initial server
configuration, as well as to manage all server functions, including user authorization,
transaction logging, and process configuration.
TECHNICAL SPECIFICATIONS
• Provides integrated security using SSL, which incorporates public key cryptography
technology from RSA Data Security.
• Offers enhanced user authorization, including HTTP V1.0 access authorization, IP
and DNS-based access control, local access control, user-controlled passwords, and
named groups.
• Provides an intuitive graphical user interface using Netscape Navigator for
installation, configuration, and management.
• Extensive online documentation provides context sensitive help.
• Log analysis tools allow summaries of log information so that it can be used to
better manage server functions.
• Provides flexibility in configuration and management, including:
— Configuration by file, directory, shell wildcard pattern, or template. Templates
allow a set of configuration parameters to be created and applied to multiple
directories (such as all user directories)
— Configurable logging options; client accesses logged in common logfile format
— Custom error messages
SOFTWARE PREREQUISITES
• DECwindows™ Motif ® Version 1.2-3 for OpenVMS or later (only needed for running
a browser on OpenVMS to manage the server)
• DIGITAL TCP/IP Services for OpenVMS Version 3.3 or later or any TCP/IP product for
OpenVMS that supports the Berkeley socket interface
HARDWARE REQUIREMENTS
• Media: OpenVMS Internet Product Suite Media Kit (CD–ROM; Alpha and VAX):
QA-5CNAA-H8 (International)
QA-577AA-H8 (U.S. and Canada only)
• License: Netscape Commerce Server V1.12 for OpenVMS VAX or Alpha:
QL-579A9-AA (International)
QL-5CQA9-AA (U.S. and Canada only)
SOFTWARE WARRANTY
DIGITAL warrants its software products according to the terms of the DIGITAL
license for each product. DIGITAL warrants that the software will substantially conform
to the applicable Software Product Description or documentation accompanying the
software unless provided "AS IS."
A variety of service options for this product are available from DIGITAL. For
more information, contact your local DIGITAL account representative.
For more information about OpenVMS Internet Product Suite, visit the OpenVMS
home page at: http://www.openvms.digital.com
™ DEC, DECnet, DECwindows, DIGITAL, OpenVMS, VAX, VAXcluster, and the DIGITAL logo
are trademarks of Digital Equipment Corporation.
a. Standards
As more trading partners use the Internet for transmission, standards have
emerged. In 2002, the IETF published RFC 3335, offering a standardized, secure
method of transferring EDI data via e-mail. On July 12th, 2005, an IETF working group
ratified RFC 4130 for MIME-based HTTP EDIINT (a.k.a. AS2) transfers, and is preparing
similar documents for FTP transfers (a.k.a. AS3). While some EDI transmission has
moved to these newer protocols, the providers of the value-added networks remain
active.
EDI documents generally contain the same information that would normally be
found in a paper document used for the same organizational function. For example, an
EDI 940 ship-from-warehouse order is used by a manufacturer to tell a warehouse to
ship product to a retailer. It typically has a ship-to address, a bill-to address, a list of
product numbers (usually a UPC code) and quantities. It may have other information if
the parties agree to include it. However, EDI is not confined to just business data
related to trade but encompasses all fields such as medicine (e.g., patient records and
laboratory results), transport (e.g., container and modal information), engineering and
construction, etc. In some cases, EDI will be used to create a new business
information flow (that was not a paper flow before). This is the case in the Advanced
Shipment Notification (856) which was designed to inform the receiver of a shipment,
the goods to be received and how the goods are packaged.
All of these standards first appeared in the early to mid 1980s. The standards
prescribe the formats, character sets, and data elements used in the exchange of
business documents and forms. The complete X12 Document List includes all major
business documents, including purchase orders (called "ORDERS" in UN/EDIFACT and
an "850" in X12) and invoices (called "INVOIC" in UN/EDIFACT and an "810" in X12).
The EDI standard says which pieces of information are mandatory for a
particular document, which pieces are optional, and gives the rules for the structure of
the document. The standards are like building codes. Just as two kitchens can be built
"to code" but look completely different, two EDI documents can follow the same
standard and contain different sets of information. For example, a food company may
indicate a product's expiration date while a clothing manufacturer would choose to
send color and size information.
b. Specifications
Organizations that send or receive documents from each other are referred to
as "trading partners" in EDI terminology. The trading partners agree on the specific
information to be transmitted and how it should be used. This is done in human
readable specifications (also called Message Implementation Guidelines). While the
standards are analogous to building codes, the specifications are analogous to
blueprints. (The specification may also be called a mapping but the term mapping is
typically reserved for specific machine readable instructions given to the translation
software.) Larger trading "hubs" have existing Message Implementation Guidelines
which mirror their business processes for processing EDI and they are usually
unwilling to modify their EDI business practices to meet the needs of their trading
partners. Often in a large company these EDI guidelines will be written to be generic
enough to be used by different branches or divisions and therefore will contain
information not needed for a particular business document exchange. Other large
companies may create separate EDI guidelines for each branch/division.
c. Transmission
Trading partners are free to use any method for the transmission of documents.
In the past one of the more popular methods was the usage of a bisync modem to
communicate through a Value Added Network (VAN). Some organizations have used
direct modem to modem connections and Bulletin Board Systems (BBS), and recently
there has been a move towards using some of the many Internet protocols for
transmission, but most EDI is still transmitted using a VAN. In the healthcare industry,
a VAN is referred to as a "Clearinghouse".
In the most basic form, a VAN acts as a regional post office. It receives
transactions, examines the 'From' and the 'To' information, and routes the transaction
to the final recipient. VANs provide a number of additional services, e.g.
retransmitting documents, providing third party audit information, acting as a
gateway for different transmission methods, and handling telecommunications
support. Because of these and other services VANs provide, businesses frequently use
a VAN even when both trading partners are using Internet-based protocols.
Healthcare clearinghouses perform many of the same functions as a VAN, but have
additional legal restrictions that govern protected healthcare information.
c. Interpreting data
EDI translation software provides the interface between internal systems and
the EDI format sent/received. For an "inbound" document the EDI solution will receive
the file (either via a Value Added Network or directly using protocols such as FTP or
AS2), take the received EDI file (commonly referred to as a "mailbag"), and validate that
the trading partner who is sending the file is a valid trading partner, that the structure
of the file meets the EDI standards and that the individual fields of information
conform to the agreed upon standards. Typically the translator will either create a
file in fixed length, variable length or XML tagged format or "print" the received
EDI document (for non-integrated EDI environments). The next step is to
convert/transform the file that the translator creates into a format that can be
imported into a company's back-end business systems or ERP. This can be
accomplished by using a custom program, an integrated proprietary "mapper" or
an integrated standards based graphical "mapper" using a standard data
transformation language such as XSLT. The final step is to import the transformed file
(or database) into the company's back-end enterprise resource planning (ERP) system.
For an "outbound" document the process for integrated EDI is to export a file (or
read a database) from a company's back-end ERP and transform the file to the
appropriate format for the translator. The translation software will then "validate" the
EDI file sent to ensure that it meets the standard agreed upon by the trading partners,
convert the file into "EDI" format (adding in the appropriate identifiers and control
structures) and send the file to the trading partner (using the appropriate
communications protocol).
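The inbound checks described above (is the sender a valid trading partner, does the file structure meet the standard) can be shown on an X12 interchange. This is an added example, not part of the original study material: the partner IDs, the sample 850 purchase order and the function names are constructed, and only the ISA/IEA and ST/SE envelope checks are covered.

```python
# Added example: envelope checks on an inbound X12 interchange.
# Partner IDs and the sample purchase order are constructed for illustration.
TRUSTED_SENDERS = {"ACMESUPPLY"}  # assumption: IDs agreed with trading partners

def build_sample(sender="ACMESUPPLY", se_count=4, iea_ctrl="000000101"):
    """Construct a small 850 (purchase order) interchange with a 106-char ISA."""
    isa = "*".join(["ISA", "00", " " * 10, "00", " " * 10, "ZZ", sender.ljust(15),
                    "ZZ", "RETAILER".ljust(15), "100601", "1200", "U", "00401",
                    "000000101", "0", "T", ">"])
    body = ["GS*PO*ACMESUPPLY*RETAILER*20100601*1200*1*X*004010",
            "ST*850*0001", "BEG*00*SA*PO12345**20100601", "PO1*1*10*EA*9.95",
            f"SE*{se_count}*0001", "GE*1*1", f"IEA*1*{iea_ctrl}"]
    return "~".join([isa] + body) + "~"

def el(seg, n):
    """Element n of a segment, or '' when the segment is too short."""
    return seg[n].strip() if n < len(seg) else ""

def validate_interchange(raw):
    """Return a list of problems; an empty list means the envelope passed."""
    if len(raw) < 106 or not raw.startswith("ISA"):
        return ["ISA header missing or truncated"]
    # The fixed-width ISA segment declares the delimiters used by the rest of the file.
    elem_sep, seg_term = raw[3], raw[105]
    segs = [s.strip().split(elem_sep) for s in raw.split(seg_term) if s.strip()]
    errors = []
    # 1. Is the sender (ISA06) a known trading partner?
    if el(segs[0], 6) not in TRUSTED_SENDERS:
        errors.append("sender not in trading-partner list: " + el(segs[0], 6))
    # 2. Does the interchange trailer (IEA02) match the header (ISA13)?
    if segs[-1][0] != "IEA" or el(segs[-1], 2) != el(segs[0], 13):
        errors.append("ISA/IEA control numbers do not match")
    # 3. Is every transaction set closed by an SE with the right number and count?
    st_index = None
    for i, seg in enumerate(segs):
        if seg[0] == "ST":
            st_index = i
        elif seg[0] == "SE":
            if st_index is None:
                errors.append("SE without a preceding ST")
                continue
            counted = i - st_index + 1  # ST and SE are included in SE01
            if el(seg, 2) != el(segs[st_index], 2):
                errors.append("ST/SE control numbers do not match")
            if el(seg, 1) != str(counted):
                errors.append(f"SE01 says {el(seg, 1)} segments, counted {counted}")
            st_index = None
    if st_index is not None:
        errors.append("ST without a closing SE")
    return errors

if __name__ == "__main__":
    print(validate_interchange(build_sample(se_count=9)))  # altered segment count
```

A file that fails any of these checks should be rejected before it reaches the mapper or the back-end ERP import.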
Increased efficiency and cost savings drive the adoption of EDI for most trading
partners. But even if a company would not choose to use EDI on their own, pressures
from larger trading partners (called hubs) often force smaller trading partners to use
EDI.
DESCRIPTION
Integrated Security
• Server authentication, which allows any SSL compatible client to verify the identity
of the server using a certificate and a digital signature.
• Data integrity, which verifies that the contents of a message arrive at their
destination in the same form as they were sent.
SSL employs public key cryptographic technology from RSA Data Security, an
established leader in computer data security, and works with various encryption
algorithms.
Netscape Commerce Server supports public key encryption and delivers server
authentication using signed digital certificates. A digital certificate is used to associate
an identity with a server’s public key. Digital signatures ensure the integrity and
authenticity of information within a certificate. Netscape Commerce Server requires a
signed digital certificate to operate securely;
Encryption Support
Netscape Commerce Server is available in both 40-bit and 128-bit encryption
schemes. The difference between 128- and 40-bit encryption is, most
notably, that the U.S. government restricts the export of 128-bit encryption but not
the export of 40-bit encryption. 128-bit encryption provides significantly greater
cryptographic protection than 40-bit encryption. It is now necessary to employ larger
keys to counter the increasing computing power of potential criminals.
128 bits and 40 bits refer to the size of the key used to encrypt the message. 128-bit
encryption is roughly